If you work with JavaScript at all, you probably saw a ton of noise yesterday about a vulnerability in the event-stream npm package. Unfortunately, the actual forensic analysis of the issue is buried under 600+ comments on the GitHub issue, most of which are just people flaming about the state of npm, open source, etc. I thought that was a shame, because the vulnerability was actually exceptionally clever and technically interesting, and teaches some important lessons about maintaining security in JavaScript applications. So I decided to write an explainer detailing what happened, how the attack worked, and how the JavaScript community can better defend against similar attacks in the future.

JavaScript is the main cause for making websites slow. Ten years ago it was network bottlenecks, but the growth of JavaScript has outpaced network and CPU improvements on today's devices. In the chart below, based on an analysis from the HTTP Archive, we see the number of requests has increased for both first and third party JavaScript since 2011.

The following chart shows the growth in the total size of JavaScript from 2011.

Certainly the amount of JavaScript has increased. Total number of requests went from 9 to 18, and total size increased from 85 KB to 364 KB. (These are medians from the world's top ~1.3 million sites tested on desktop.) It's interesting to see that the size of scripts is growing more rapidly than the number of scripts - we're packing twice as much code into each script compared to 7 years ago.

Learning modern JavaScript is tough if you haven’t been there since the beginning. The ecosystem is growing and changing so rapidly that it’s hard to understand the problems that different tools are trying to solve. I started programming in 1998 but only began to learn JavaScript seriously in 2014. At the time I remember coming across Browserify and staring at its tagline:

“Browserify lets you require(‘modules’) in the browser by bundling up all of your dependencies.”

I pretty much didn’t understand any word in this sentence, and struggled to make sense of how this would be helpful for me as a developer.

IntelliCode augments your IntelliSense by recommending commonly used completion items for your current context at the top of your list. These contextual recommendations are generated by common practices learned from having IntelliCode train across thousands of real-world projects. This saves you time by putting what you’re most likely to use at the top of your list, so you don’t have to search though alphabetical suggestions.

Install the Visual Studio IntelliCode extension through the marketplace or install it from the Extensions tab in Visual Studio Code. Then, just open a TypeScript or JavaScript file and start editing. You will start seeing

JavaScript is one of the most popular programming languages in the world, and is now widely used also outside of the browser. The rise of Node.js in the last few years unlocked back-end development - once the domain of Java, Ruby, Python, PHP, and more traditional server-side languages.

The JavaScript Handbook follows the 80/20 rule: learn 80% of JavaScript in 20% of the time.

Learn all you need to know about JavaScript!

Note: you can get a PDF, ePub, or Mobi version of this handbook for easier reference, or for reading on your Kindle or tablet.

JavaScript is one of the most popular programming languages in the world. Created 20 years ago, it’s gone a very long way since its humble beginnings.

Note: This is part of the “Composing Software” series on learning functional programming and compositional software techniques in JavaScript ES6+ from the ground up. Stay tuned. There’s a lot more of this to come!< Previous | << Start over at Part 1

The functional and imperative programming paradigms we use today were first explored mathematically in the 1930s with lambda calculus and the Turing machine, which are alternative formulations of universal computation (formalized systems which can perform general computation). The Church Turing Thesis showed that lambda calculus and Turing machines are functionally equivalent — that anything that can be computed using a Turing machine can be computed using lambda calculus, and vice versa.

What does Gutenberg bring to the future of WordPress? In this article, Leonardo Losoviz shares a number of implications of building sites through a component-based architecture (as the concept) and through Gutenberg (as the implementation), including what new functionalities it can deliver and how much better it can integrate with current website development trends.

Despite having been called CSS Wizardry for over a decade now, there hasn’t been a great deal of CSS-related content on this site for a while. Let me address that by combining my two favourite topics: CSS and performance.

CSS is critical to rendering a page—a browser will not begin rendering until all CSS has been found, downloaded, and parsed—so it is imperative that we get it onto a user’s device as fast as we possibly can. Any delays on the Critical Path affect our Start Render and leave users looking at a blank screen.

Web developers who want to expand their JavaScript, React and Node skills while learning all about GraphQL.

You should be already familiar with the basics of React - components, state, props, modules and event handlers. If you have taken my React For Beginners course or built a few things in React, you are in good shape.

You should be comfortable with both writing and debugging modern JavaScript including arrow functions, classes, promises, async+await and other commonly used parts of ES6. You of course can take my ES6 for Everyone to skill up on this.

The backend of the course is written in Node. Prior node knowledge is nice, but not required for this course as you should be able to keep up no problem. You can take

⚡️ Walt is an alternative syntax for WebAssembly text format. It's an experiment for using JavaScript syntax to write to as 'close to the metal' as possible. It's JavaScript with rules..walt files compile directly to WebAssembly binary format.

Highlights:

Write "close to the metal" JavaScript!

No C/C++ or Rust required, just typed JavaScript.

NO LLVM/binary toolkits required, zero dependencies 100% written in JS.

Fast compilation, integrates into webpack!

🐥 Current status: Alpha

Writing zero-overhead, optimized WebAssembly is pretty tough to do. The syntax for .wat files is terse and difficult to work with directly. If you do not wish to use a systems language like C or Rust, then you're kind of out of luck. Your best bet (currently) is to write very plain C code, compile that to .wast and then optimize that result. Then you're ready to compile that into the final WebAssembly binary. This is an attempt to take C/Rust out of the equation and write 'as close to the metal' as possible without losing readability.

Shouldn’t someone who worked 10+ years in the Java SE team at Sun Microsystems bleed Java bytecodes and be instantiating abstract interfaces until the last breath? For this former Java SE team member, learning the Node.js platform in 2011 was a breath of fresh air. After being laid off from Sun in January 2009 (just prior to the Oracle buyout), I learned about and became hooked on Node.js.

Just how hooked? Since 2010, I have written extensively about Node.js programming. Namely, four editions of Node.js Web Development, plus other books and numerous tutorial blog posts on Node.js programming. That’s a LOT of time explaining Node.js and advancements in the JavaScript language.

This is a book on the functional paradigm in general. We'll use the world's most popular functional programming language: JavaScript. Some may feel this is a poor choice as it's against the grain of the current culture which, at the moment, feels predominately imperative. However, I believe it is the best way to learn FP for several reasons:

You likely use it every day at work.

This makes it possible to practice and apply your acquired knowledge each day on real world programs rather than pet projects on nights and weekends in an esoteric FP language.

There are currently two main open-source foundations that focus on JavaScript: the JS Foundation, which was founded in 2016, and the Node.js Foundation, which launched in 2015. The JS Foundation’s mission is to shepherd the ecosystem around the language, while Node.js obviously focuses on the Node.js technology for using JavaScript server-side with the help of Google’s V8 engine and growing that ecosystem. Now, these two foundations want to merge.

This is not a done deal and the two organizations plan to get feedback from their respective communities, starting with an in-person Q&A at the upcoming Node+JS Interactive conference, as well as online.

Modular JavaScript is a book series with the mission of improving our collective understanding of writing robust, well-tested, modular JavaScript code. Mastering Modular JavaScript is the second book in the series, and it discusses modular JavaScript application development. Mastering Modular JavaScript includes hundreds of real-world patterns and practices, as well as detailed explanations of what works and what hasn’t when it comes to leveraging ES6 in the wild.

This book focuses on two aspects of JavaScript development: modularity and leveraging ES6 features. You’ll learn how to tackle application development by following a scale-out approach. As pieces of your codebase grow too big, you can break them up into smaller modules.

After all my teachings about React, be it online for a larger audience or on-site for companies transitioning to web development and React, I always come to the conclusion that React is all about JavaScript. Newcomers to React but also myself see it as an advantage, because you carry your JavaScript knowledge for a longer time around compared to your React skills.

During my workshops a greater part of the material is about JavaScript and not React. Most of it boils down to JavaScript ES6 and beyond features and syntax, but also ternary operators, shorthand versions in the language, the this object, JavaScript built-in functions (map, reduce, filter) or more general concepts such as composability, reusability, immutability or higher-order functions. These are the fundamentals, which you don’t need necessarily to master before starting with React, but which will definitely come up while learning or practicing it.

It's hard to escape the gravity of internet giants like Facebook and Google. Not only do they offer an ever-growing number of apps and services that are hard to live without, many other popular websites and applications incorporate code written by these companies.

That's because today's web developers don't typically write all of their code themselves. Instead, they rely on open source "frameworks," which provide both a collection of reusable parts and an overall structure for building an application. Frameworks free developers from much grunt work, allowing them to focus on the newer, more interesting parts of an application.

This document contains a list of practices which will help us boost the performance of our Angular applications. "Angular Performance Checklist" covers different topics - from server-side pre-rendering and bundling of our applications, to runtime performance and optimization of the change detection performed by the framework.

The document is divided into two main sections:

Network performance - lists practices that are going to improve mostly the load time of our application. They include methods for latency and bandwidth reduction.

I've been working on TypeScript for over two years now(!) so I thought I'd write a post or two to reflect. I should open with the standard disclaimer: I am just a random engineer at a company with tens of thousands of them, and others surely disagree with the opinions expressed here.

Google embraced web applications early. Can you believe it's been 14 years since Gmail was released? JavaScript back then was pure madness. Gmail engineers had to worry so much about Internet Explorer's poor garbage collection algorithm that they'd need to manually hoist string literals out of for loops to avoid GC pauses. I recently found a design doc from that era where they considered doing what today we'd call "minifying" the JavaScript but noted that some candidate tools were Windows-only. Today that feels unimaginable.

David Walsh (davidwalsh.name) says:"Many authors write in a way to reinforce that they're the smartest guy in the room. What people like them don't understand is that eager-to-learn developers have already bought the book: they trust that you're the expert, so you don't have to use advanced verbiage to look intelligent. Cody skips that ego-centric exercise, explaining JavaScript concepts in Layman's terms." (source)

Michael Woloszynowicz (www.w2lessons.com) says:"JS Enlightenment does a good job of presenting often confusing concepts in a clear and simple manner that would make future reading more effective and increase the depth of learning. It achieves a good deal of its clarity through a copious use of well documented examples that are simple to understand but provide a great deal of insight into the language. For those already familiar with JavaScript, there's still a lot of value to be had from this book and will serve as an excellent reference if something should slip your mind." (

The downloaded icon is composed of visual elements (<g> elements), and a <script> tag that includes the JavaScript code for the animation.

If you plan on including multiple two-state icons in your web project, then make sure to remove the <script> tag from the <svg> and include its content in your .js file so that you do not duplicate the javascript code (the content of the <script> tag has to be included only once and it is going to work for all your icons).

Import and preview animated icons in Nucleo

If you are using the Nucleo app, you can upload and preview animated icons directly within the app!

After almost 2 years, 4k commits, over 50 pre-releases, and a lot of help we are excited to announce the release of Babel 7. It's been almost 3 years since the release of Babel 6! There's a lot of moving parts so please bear with us in the first weeks of release. Babel 7 is a huge release: we've made it faster, created an upgrade tool, JS configs, config "overrides", more options for size/minification, JSX Fragments, TypeScript, new proposals, and more!

If you appreciate the work we're doing on Babel, you can sponsor Babel on Open Collective, support me on Patreon, or get you or your company involved with Babel as part of work. We'd appreciate the collective ownership of this vital project in the JavaScript community!

It's hard to escape the gravity of internet giants like Facebook and Google. Not only do they offer an ever-growing number of apps and services that are hard to live without, many other popular websites and applications incorporate code written by these companies.

That's because today's web developers don't typically write all of their code themselves. Instead, they rely on open source "frameworks," which provide both a collection of reusable parts and an overall structure for building an application. Frameworks free developers from much grunt work, allowing them to focus on the newer, more interesting parts of an application.

JSON has taken over the world. Today, when any two applications communicate with each other across the internet, odds are they do so using JSON. It has been adopted by all the big players: Of the ten most popular web APIs, a list consisting mostly of APIs offered by major companies like Google, Facebook, and Twitter, only one API exposes data in XML rather than JSON. Twitter, to take an illustrative example from that list, supported XML until 2013, when it released a new version of its API that dropped XML in favor of using JSON exclusively. JSON has also been widely adopted by the programming rank and file: According to Stack Overflow, a question and answer site for programmers, more questions are now asked about JSON than about any other data interchange format.

A progressive Node.js framework for building efficient and scalable server-side applications, heavily inspired by Angular.

Description

Nest is a framework for building efficient, scalable Node.js server-side applications. It uses modern JavaScript, is built with TypeScript (preserves compatibility with pure JavaScript) and combines elements of OOP (Object Oriented Programming), FP (Functional Programming), and FRP (Functional Reactive Programming).

Under the hood, Nest makes use of Express, but also, provides compatibility with a wide range of other libraries, like e.g. Fastify, allowing for easy use of the myriad third-party plugins which are available.

Web attacks explode these days as security comes to the front of the stage. We’ve compiled over 23 Node.js security best practices (+40 other generic security practices) from all top-ranked articles around the globe. The work here is part of our Node.js best practices GitHub repository which contains more than 80 Node.js practices. Note: Many items have a read more link to an elaboration on the topic with code example and other useful information.